General
Target: 491544e52e7cc8c4260647abcb38138c21e34406d4e553936c5e1be8931c0099
Size: 821KB
Sample: 210516-864qesg2zs
MD5: d9b36a4b92a93b667270722827c7d303
SHA1: cfaec9d1e7557c483a3415fb4496735c6da181dc
SHA256: 491544e52e7cc8c4260647abcb38138c21e34406d4e553936c5e1be8931c0099
SHA512: 11299d1e2388e7132e47dfb2b72cc1a98a92ecb29500082c763f237f2f4f023fb650af7901e6402889fd9a014e55cd4d30464740839f53cdd05f85a65a1ff665
Static task: static1
Behavioral task: behavioral1
Sample: 491544e52e7cc8c4260647abcb38138c21e34406d4e553936c5e1be8931c0099.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 491544e52e7cc8c4260647abcb38138c21e34406d4e553936c5e1be8931c0099.exe
Resource: win10v20210408
Malware Config
Targets
Target: 491544e52e7cc8c4260647abcb38138c21e34406d4e553936c5e1be8931c0099 (same sample as listed under General above; size and hashes identical)
Score: 10/10
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext